Uncontrolled Search Path Element Vulnerability in Adobe ColdFusion
CVE-2026-48364

8.2HIGH

Key Information:

Vendor

Adobe

Vendor
CVE Published:
13 July 2026

What is CVE-2026-48364?

Adobe ColdFusion versions 2025.9, 2023.20, and earlier are susceptible to an Uncontrolled Search Path Element vulnerability. This flaw could enable attackers to execute arbitrary code within the context of the current user if they can convince them to open a specially crafted file. This highlights the importance of user education and secure coding practices to mitigate the risks associated with such vulnerabilities.

Affected Version(s)

ColdFusion 0 <= 2025.9

ColdFusion 0 <= 2025.9

ColdFusion 0 <= 2023.20

References

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.